The joint study by M86 Security and Osterman Research found that 49% of responding companies acknowledged that security breaches occurred but were accepting them as a cost of business.
The study – titled 'The Global Malware Problem: Complacency Can Be Costly' – shows 27% of respondents stating that malware problems increased in the past 12 months, and 64% responding that malware problems remained the same.
According to Michael Osterman, president of Osterman Research, with more than 78% of organisations experiencing malware breaches during the last 12 months, it's clear these attacks are becoming a part of the fabric of the internet.
"What's surprising is the degree of complacency – often driven by lack of budget or adequate information – these companies exhibit in light of the uptick and complexity of the recent cyber attacks, even among those tasked with caring for data which can include customer information and intellectual property", he said.
"The pervasiveness of malware demonstrated in this study indicates a real need for businesses to educate themselves on the latest threats, in order to protect against serious security breaches", he added.
The report – which was carried out amongst 378 small, mid-sized and large organisations with an average of 10,600 employees – found that 70% of organisations have experienced a web-borne malware infection and 50% have experienced malware infiltration through email.
Researchers also found that, whilst 30% of organisations surveyed reported no financial impact arising from an attack, 44% said that the cost of an attack was as high as $10,000 for a single episode.
"Another 15% estimate the financial impact at between $10,000 and $50,000. Interesting, but not surprising, while 70% of organisations reported some financial loss following a malware attack", says the report.
Based on the data collated, Osterman found that the total cost of remediating a single malware attack is $3,996. And, the firm notes, if there was a median of five attacks a year, the total cost of remediating attacks will be nearly $20,000 annually.
Against the backdrop of its report, Osterman recommends that organisations seriously consider addressing malware prevention, detection, and remediation in two ways:
Train end users – users should be trained on how to properly surf the web, what they should do when they encounter a blended threat, how they should be wary of emails whose source is not known, how to spot phishing attempts, and the like. Proper training can prevent some malware attacks and can thwart some social engineering techniques used by malware authors.
Address the long-term, strategic impacts – because no amount of user training can address all of the malware issues that organisations face, the right technologies must be deployed that can detect malware and prevent it from harming an organisation.
This, says Osterman, includes addressing malware detection and remediation at every ingress point, including email, smartphones, Web browsers and the growing multitude of other platforms from which malware can enter the network.